v1.35.0
What's Changed
- fix: k8s signer audit token forgery via unvalidated req.Command (#67) by @luisgf in #70
- fix: remove dead ResolveKind from internal/k8s (#68) by @luisgf in #71
- docs: document the Kubernetes API surface in API.md (#69) by @luisgf in #72
- docs(skill): add the Kubernetes target to the audit high-risk zones by @luisgf in #73
- docs: regenerate config reference — fix stale config.md / red Docs CI (#74) by @luisgf in #77
- fix: drop the dead force parameter from k8s Client.Apply (#75) by @luisgf in #78
- docs: k8s_apply approval gates the target, not the manifest payload (#76) by @luisgf in #79
- fix: close the untracked-file hole in the docs anti-drift gate, add make verify by @luisgf in #80
- feat: privilege separation in deploy — one system user per service by @luisgf in #81
- fix: k8s ActionPolicy deny rules were dead code (deny silently ignored) by @luisgf in #89
- fix: redact env-assignment no longer masks the bare shell PWD variable by @luisgf in #90
- fix: audit follow-ups — OPERATIONS drift, install.sh hardening, docgen prune, verify honesty by @luisgf in #91
- docs: finalize the v1.35.0 changelog for release by @luisgf in #92
Full Changelog: v1.34.0...v1.35.0